spam IP addresses
tallison at tacocat.net
tallison at tacocat.net
Mon May 24 17:53:51 CEST 2004
> From: "Boris 'pi' Piwinger" <3.14 at logic.univie.ac.at>
>> tallison at tacocat.net wrote:
>>
>> > Just for fun I counted up all the IP addresses that sent me spam and
>> did
>> > a tally of how many of these IP addresses sent me how many spams
>> > # spam # of IP addresses
>> > 1 4617
>> > 2 243
>> > 3 28
>> > 4 6
>> > 5 2
>> > 8 3
>> > 28 1
>> > 180 1
>
> Alternatively, look at ASNs. Here are some of my top ones:
>
> #spam #ham #ASN
> 1050 as4294967295
> 671 as6478
> 415 1 as7132
> 308 217 as22909
> 235 13 as3561
> 237 as4134
> 213 5 as3356
> 172 as852
> 173 as11938
> 12 156 as13749
>
> Of course the list goes on... there are dozens of very polarized ASNs in
> my list. This seems quite useful. Perhaps this is because spammers will
> rotate IPs but stay in the same general area. Subnets might help in this
> regard too, but probably not quite as much.
>
This might have some payback.
I wonder if postfix can support blocking on an ASN assignment rather than
an IP assignment. I'm trying to get some of this blocking pushed back on
the SMTP connection so I have more room for other things. I have a very
small box.
More information about the Bogofilter
mailing list